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ABSTRACT 

The  unique  characteristics  of  battlefield  mobile  ad  hoc  net¬ 
works  bring  severe  security  challenges  to  die  application  of 
reliable  server  pooling  (rSerPool).  This  paper  uses  a  novel 
threshold  signature  scheme  with  the  features  of  ad  hoc  sever 
selection  and  dynamic  group  membership  to  secure  the  ser¬ 
vice  provision  phase  of  the  rSerPool  application  in  MANET. 
Our  distributed  and  survivable  threshold  signature  scheme 
can  tolerate  “single  point  of  failure”  and  Byzantine  attacks. 
Its  ad  hoc  server  selection  increases  service  availability  and 
decreases  service  latency.  Our  signature  scheme  provides 
essential  authentication  service  in  rSerPool  and  can  be  fur¬ 
ther  used  as  part  of  distributed  certificate  authority  in  MANET. 

I.  INTRODUCTION 

Mobile  ad-hoc  networks  (MANETs)  are  of  increasing  in¬ 
terest  for  a  diverse  set  of  applications  on  the  battlefield.  In¬ 
stead  of  using  a  centralized  infrastructure,  nodes  in  MANET 
cooperate  with  each  other  to  provide  networking  during  their 
movements.  Such  capability  is  essential  for  the  Future  Com¬ 
bat  Systems  on  the  battlefield  where  pre-existing  or  central¬ 
ized  communication  infrastructures  are  not  available.  MANET 
on  the  battlefield  can  provide  various  services  to  support  dif¬ 
ferent  missions,  such  as  enemy  situation,  battlefield  map, 
etc.  Successful  realization  of  these  services  confronts  tremen¬ 
dous  challenges  not  only  from  a  harsh  communication  envi¬ 
ronment  due  to  the  factors  of  node  mobility,  radio  fading  and 
interfering,  but  also  from  enemies’  attacks.  Preserving  the 
reliability  of  the  services  on  the  battlefield  is  as  important  as 
the  services  themselves. 

Reliable  server  pooling  (rSerPool)  is  an  approach  that  pro¬ 
vides  the  reliability  of  services  by  introducing  redundancy  in 
the  number  of  servers  available  to  a  client.  There  are  three 
classes  of  entities  in  the  rSerPool  architecture:  Pool  Element 
(PE),  Name  Server  (NS)  and  Pool  User  (PU).  PE  is  one  of 
the  servers  that  provide  same  service  functionality.  NS  is  re¬ 
sponsible  for  maintaining  server  pools  which  includes  pool 
name  resolution,  PE  registration/deregistration,  load  balance 
and  cooperation  with  other  NSs.  PU  is  the  client  being 
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served  by  PEs.  When  one  PE  is  dropped  in  the  middle  of 
service  due  to  any  of  a  number  of  possible  reasons,  the  PU 
can  still  be  served  by  the  next  available  PE  without  breaking 
the  current  session.  The  architecture  and  protocols  for  the 
management  and  operation  of  rSerPool  are  being  developed 
by  IETF  [1]  to  support  highly  reliability-demanding  applica¬ 
tions  on  Internet.  The  advantages  of  rSerPool,  especially  the 
failover  merit,  also  make  it  very  attractive  in  tactical  mobile 
ad  hoc  networks. 

The  unique  features  of  battlefield  MANETs  bring  the  ap¬ 
plication  of  rSerPool  serious  challenges  in  security.  Wire¬ 
less  links  are  susceptible  to  attacks  from  passive  eavesdrop¬ 
ping  to  active  impersonating.  Nodes  roaming  in  battlefield 
have  non-negligible  probability  of  being  compromised.  The 
compromised  node  would  launch  Byzantine  attacks  from  the 
inside  of  the  network.  Trust  relationships  among  nodes  may 
change  from  time  to  time  due  the  change  of  network  topol¬ 
ogy  and  membership.  Based  on  the  analysis  of  security 
threats  and  requirements  of  rSerPool  in  MANET,  we  pro¬ 
pose  a  novel  ad-hoc  threshold  signature  scheme  as  a  basic 
cryptographic  component  to  secure  the  service  provision  of 
rSerPool,  especially  to  tolerate  Byzantine  attacks. 

II.  THRESHOLD  SIGNATURES  IN  MANET 

Threshold  digital  signature  schemes  with  parameters  (L.  n) 
satisfy  the  following  properties:  at  least  t  +  1  parties  are 
able  to  generate  a  signature  on  a  given  message;  at  most 
t  parties  are  not  able  to  generate  a  valid  signature;  finally, 
any  t  <  n/2  parties  (where  n  is  the  total  number  of  par¬ 
ties)  cannot  prevent  the  remaining  honest  parties  to  generate 
a  threshold  signature. 

In  the  traditional  threshold  signature  scheme,  the  thresh¬ 
old  value  t.  and  the  number  of  participants  n  are  fixed  after 
the  protocol  is  initiated.  Such  fixed  values  do  not  match 
the  rapid  change  of  nodes’  availability  and  connectivity  in 
MANET.  In  our  scheme,  both  t  and  n  can  be  selected  dy¬ 
namically  based  on  current  network  characteristics.  Novel¬ 
ties  of  our  ad-hoc  threshold  signature  scheme  include:  ad 
hoc  server  selection  and  dynamic  group  member  addition 
/  deletion.  The  proposed  scheme  can  be  divided  into  two 
phases:  (a)  distributed  key  generation  and  (b)  signature  gen¬ 
eration.  We  assume  that  secure  routing  is  available  in  the 
former  phase  only.  In  the  key  generation  phase,  our  scheme 
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is  similar  to  [2],  but  with  two  major  differences.  First,  each 
party  randomly  chooses  different  sets  of  secrets  and  corre¬ 
sponding  polynomials  for  different  threshold  values;  assume 
there  are  up  to  r  compromised  servers,  then  t  £  {r, . . . ,  [n/2j }. 
Second,  the  public  key  of  threshold  signature  is  not  deter¬ 
mined  at  the  end  of  the  phase,  but  different  public  keys  for 
different  threshold  values  and  different  desired  subset  of  par¬ 
ties  are  implicitly  defined.  In  the  signature  generation  phase, 
a  client  selects  a  subgroup  of  servers  based  on  the  network’s 
present  characteristics  and  sends  his  selection  and  the  thresh¬ 
old  value  to  the  chosen  servers.  Each  selected  server  then 
uses  these  values  in  the  generation  of  a  bandwidth  and  com¬ 
putation  efficient  partial  signature  with  a  careful  modifica¬ 
tion  of  the  algorithm  in  [3],  The  detailed  protocols  of  pro¬ 
posed  ad  hoc  threshold  signature  and  cryptographic  proof 
can  be  found  in  our  paper  [4], 

Our  simulation  also  shows  the  advantage  of  the  proposed 
scheme.  The  simulation  compares  two  scenarios:  one  is 
with  the  group  of  servers  fixed  at  the  beginning;  the  other 
is  with  the  ad  hoc  group  of  dynamic  server  selection.  The 
simulation  is  carried  on  the  simulator  QUALNET.  The  de¬ 
tail  settings  are  the  following:  30  nodes  randomly  placed 
in  a  1500m  x  1500m  flat  plane;  Random  way  point  with 
speed  [2,20]  m/s  and  30  sec  pause;  IEEE802.il  physical 
layer  and  MAC  layer;  AODV  routing  protocol.  The  cho¬ 
sen  threshold  is  (2,  5).  There  are  two  timeouts  in  the  client 
side  to  limit  severe  delay:  request-transmitting  timeout  and 
response-waiting  timeout.  CBRfConstant  Bit  Rate)  flows 
are  used  to  simulate  the  network  traffic.  Fig.  1  shows  the 
average  success  rate  of  obtaining  valid  signatures.  With  the 
increasing  of  the  CBR  bit  rate,  the  traffic  in  MANET  be¬ 
comes  more  and  more  intense  and  clients  experience  longer 
and  longer  delay.  Frequent  timeouts  make  all  the  curves  de¬ 
crease.  But  it  is  clear  to  see  that  the  success  rate  of  threshold 
signatures  with  ad  hoc  server  selection  is  much  better  than 
the  case  of  fixed  servers. 


Success  rate  of  obtaining  threshold  signatures  (2,  5),  AODV  routing 


Fig.  1.  The  rate  of  obtaining  valid  signatures  successfully 


III.  SECURE  SERVICE  OF  RSERPOOL 

Threshold  signature  provides  essential  authentication  ser¬ 
vice  in  rSerPool.  After  NSs  finish  key  agreement  phase, 
each  PE  registers  its  service  to  the  NSs.  Instead  of  contact¬ 
ing  one  NS,  a  PE  contacts  several  NSs.  After  providing  NSs 
the  proof  of  the  service  it  claims,  PE  then  asks  for  the  reg¬ 
istration  and  the  threshold  signature  on  its  public  key,  i.e., 
certificate.  Name  resolution  is  the  step  that  PU  asks  NS  to 
provide  a  list  of  addresses  of  available  PEs  providing  certain 
service.  Similar  to  PE  registration,  a  PU  contacts  several 
NSs  to  get  the  resolution  signed  by  each  of  the  chosen  NSs. 
NSs  can  also  provide  the  threshold  signature  on  PU’s  public 
key.  With  the  certificates  provided  by  NSs,  PE  and  PU  can 
authenticate  each  other  and  build  a  private  channel  for  fur¬ 
ther  communication.  NSs  can  also  keep  a  revocation  list  in 
their  database  for  query.  In  other  words,  the  NSs  can  play 
the  role  of  distributed  certificate  authority  in  MANET,  thus 
avoiding  problems  with  ordinary  CA’s  such  as  “single  point 
of  failure”  and  allowing  a  Byzantine  adversary  to  corrupt  a 
small  number  of  NSs.  Note  that,  although  NSs  are  the  ma¬ 
jor  entities  to  issue  threshold  signatures,  PE  and  PU  can  also 
join  the  protocols  and  provide  threshold  signatures.  There¬ 
fore,  reliable  service  provided  between  PEs  and  PUs  can  be 
resistant  with  respect  to  failover  of  a  small  number  of  PEs, 
and  even  tolerates  corruption  of  a  small  number  of  PEs  by 
a  Byzantine  adversary.  We  stress  that  our  constructions  of  a 
distributed  certificate  authority  in  MANET  and  of  a  secure 
rSerPool  are  based  on  essentially  minimal  model  assump¬ 
tions  (a  threshold  bound  on  the  number  of  failovers  or  nodes 
corrupted  by  an  adversary,  and  availability  of  secure  routing 
only  required  in  a  preliminary  phase,  run  only  once). 

IV.  CONCLUSION 

A  novel  threshold  signature  scheme  with  the  features  of 
ad  hoc  sever  selection  and  dynamic  membership  is  presented 
in  the  paper  to  secure  the  service  provision  of  rSerPool  in 
MANET,  and  especially  to  tolerate  the  Byzantine  attack.  We 
note  that  our  threshold  scheme  and  analysis  can  be  applied 
to  secure  other  applications  in  MANET. 
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